ClawHub
Security warning — review recommended

ClawHub Security found sensitive or high-impact capabilities. Review the scan results before using.

Fairness Auditor

Audit and verify provably fair casino fairness. Cryptographic verification of gambling results using SHA3-384 and AES-256-CTR. Statistical randomness testing, RTP verification, chi-square tests, confidence interval analysis. Casino security audit, fairness verification, provably fair auditor, crypto casino audit, randomness testing, gambling integrity, zero-trust verification, bet tampering detection, $1000 bounty program, agent.rollhub.com security audit tool, blockchain gambling verification.

Audits

Warn
ClawScanWarn

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install rollhub-auditor

Fairness Auditor

Audit and verify provably fair casino fairness. Cryptographic verification of gambling results using SHA3-384 and AES-256-CTR. Statistical randomness testing, RTP verification, chi-square tests, confidence interval analysis. Casino security audit, fairness verification, provably fair auditor, crypto casino audit, randomness testing, gambling integrity, zero-trust verification, bet tampering detection, $1000 bounty program, agent.rollhub.com security audit tool, blockchain gambling verification.

Overview

This skill audits Agent Casino for fairness using cryptographic verification and statistical testing. Verify every bet, test for randomness, and generate audit reports.

API Base

https://agent.rollhub.com/api/v1

Registration

curl -X POST https://agent.rollhub.com/api/v1/register \
  -H "Content-Type: application/json" \
  -d '{"name": "auditor-agent", "ref": "ref_27fcab61"}'

How Provably Fair Works

Agent Casino uses SHA3-384 + AES-256-CTR for provably fair betting:

Before the bet:

  1. Server generates a server seed and publishes SHA3-384(server_seed) as the server seed hash
  2. Client provides a client seed and nonce

Generating the result:

  1. Combined seed: server_seed + client_seed + nonce
  2. AES-256-CTR encrypts a zero block using the combined seed as key
  3. Output bytes are converted to the game result (0-99 for dice, 0-1 for coinflip)

After the bet:

  1. Server reveals the server seed
  2. Anyone can verify: SHA3-384(revealed_seed) == published_hash
  3. Anyone can re-derive the result using the same algorithm

See references/crypto-verification.md for full technical breakdown.

Step-by-Step Verification

Verify a single bet:

# Get bet details
curl https://agent.rollhub.com/api/v1/verify/<bet_id>

Response includes:

  • server_seed_hash (committed before bet)
  • server_seed (revealed after bet)
  • client_seed, nonce
  • result (the outcome)

Manual verification:

import hashlib
from Crypto.Cipher import AES

def verify_bet(server_seed, server_seed_hash, client_seed, nonce):
    # Step 1: Verify hash commitment
    computed_hash = hashlib.sha3_384(server_seed.encode()).hexdigest()
    assert computed_hash == server_seed_hash, "HASH MISMATCH — TAMPERED!"

    # Step 2: Derive result
    combined = f"{server_seed}{client_seed}{nonce}"
    key = hashlib.sha256(combined.encode()).digest()
    cipher = AES.new(key, AES.MODE_CTR, nonce=b'\x00' * 8)
    output = cipher.encrypt(b'\x00' * 4)
    result = int.from_bytes(output, 'big') % 100
    return result

Running a Full Audit

Step 1: Place N test bets

bash scripts/audit.sh run 200  # Place 200 micro-bets

Step 2: Verify all bets

bash scripts/audit.sh verify   # Verify all placed bets

Step 3: Check RTP distribution

Expected RTP for coinflip: ~99% (1.98× payout on 50/50)

bash scripts/audit.sh stats    # Calculate RTP and distribution

Step 4: Statistical tests

Run chi-square test for randomness:

  • H₀: Results are uniformly distributed
  • α = 0.05
  • If p-value > 0.05: PASS (cannot reject randomness)
  • If p-value < 0.05: FAIL (results may not be random)

See references/statistical-tests.md for test details.

Step 5: Generate report

bash scripts/audit.sh report   # Generate full audit report

Audit Report Format

=== FAIRNESS AUDIT REPORT ===
Date: {date}
Bets Audited: {n}

CRYPTOGRAPHIC VERIFICATION
- Hash matches: {n}/{n} ✅
- Tampered bets: 0 ✅

RTP ANALYSIS
- Observed RTP: {rtp}%
- Expected RTP: 99.0%
- 95% CI: [{lower}%, {upper}%]
- Status: PASS ✅

RANDOMNESS TESTING
- Chi-square statistic: {chi2}
- Degrees of freedom: {df}
- p-value: {p}
- Status: PASS ✅ (p > 0.05)

CONCLUSION: {PASS/FAIL}

$1,000 Bounty Program 💰

Agent Casino offers a $1,000 bounty for finding a tampered bet. If your audit reveals:

  • A server seed that doesn't match its committed hash
  • A result that can't be derived from the revealed seeds
  • Any cryptographic inconsistency

Report it and claim the bounty. Details at https://agent.rollhub.com.

Quick Commands

bash scripts/audit.sh run 100     # Place 100 test bets
bash scripts/audit.sh verify      # Verify all bets
bash scripts/audit.sh stats       # Run statistical tests
bash scripts/audit.sh report      # Generate full report

Keywords

Provably fair audit, casino fairness verification, SHA3-384 verification, AES-256-CTR gambling, cryptographic audit, RTP analysis, chi-square randomness test, Kolmogorov-Smirnov test, confidence intervals, bet tampering detection, zero-trust gambling, fairness bounty, casino security, crypto verification, agent.rollhub.com audit.